Support JSON lists for Okta user groups+policies. #3801

Merged
merged 2 commits into from
Jan 16, 2018
21 changes: 13 additions & 8 deletions builtin/credential/okta/backend_test.go
Expand Up @@ -53,16 +53,16 @@ func TestBackend_Config(t *testing.T) {
testConfigCreate(t, configData),
testLoginWrite(t, username, "wrong", "E0000004", 0, nil),
testLoginWrite(t, username, password, "user is not a member of any authorized policy", 0, nil),
testAccUserGroups(t, username, "local_grouP,lOcal_group2"),
testAccUserGroups(t, username, "local_grouP,lOcal_group2", []string{"user_policy"}),
testAccGroups(t, "local_groUp", "loCal_group_policy"),
testLoginWrite(t, username, password, "", defaultLeaseTTLVal, []string{"local_group_policy"}),
testLoginWrite(t, username, password, "", defaultLeaseTTLVal, []string{"local_group_policy", "user_policy"}),
testAccGroups(t, "everyoNe", "everyone_grouP_policy,eveRy_group_policy2"),
testLoginWrite(t, username, password, "", defaultLeaseTTLVal, []string{"local_group_policy"}),
testLoginWrite(t, username, password, "", defaultLeaseTTLVal, []string{"local_group_policy", "user_policy"}),
testConfigUpdate(t, configDataToken),
testConfigRead(t, token, configData),
testLoginWrite(t, username, password, "", updatedDuration, []string{"everyone_group_policy", "every_group_policy2", "local_group_policy"}),
testLoginWrite(t, username, password, "", updatedDuration, []string{"everyone_group_policy", "every_group_policy2", "local_group_policy", "user_policy"}),
testAccGroups(t, "locAl_group2", "testgroup_group_policy"),
testLoginWrite(t, username, password, "", updatedDuration, []string{"everyone_group_policy", "every_group_policy2", "local_group_policy", "testgroup_group_policy"}),
testLoginWrite(t, username, password, "", updatedDuration, []string{"everyone_group_policy", "every_group_policy2", "local_group_policy", "testgroup_group_policy", "user_policy"}),
},
})
}
Expand Down Expand Up @@ -154,19 +154,24 @@ func testAccPreCheck(t *testing.T) {
if v := os.Getenv("OKTA_ORG"); v == "" {
t.Fatal("OKTA_ORG must be set for acceptance tests")
}

if v := os.Getenv("OKTA_API_TOKEN"); v == "" {
t.Fatal("OKTA_API_TOKEN must be set for acceptance tests")
}
}

func testAccUserGroups(t *testing.T, user string, groups string) logicaltest.TestStep {
func testAccUserGroups(t *testing.T, user string, groups interface{}, policies interface{}) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.UpdateOperation,
Path: "users/" + user,
Data: map[string]interface{}{
"groups": groups,
"groups": groups,
"policies": policies,
},
}
}

func testAccGroups(t *testing.T, group string, policies string) logicaltest.TestStep {
func testAccGroups(t *testing.T, group string, policies interface{}) logicaltest.TestStep {
t.Logf("[testAccGroups] - Registering group %s, policy %s", group, policies)
return logicaltest.TestStep{
Operation: logical.UpdateOperation,
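Review bot: The updated steps in TestBackend_Config only exercise the new list form for user policies (`[]string{"user_policy"}` on the testAccUserGroups line); groups on that same line and both testAccGroups steps still pass comma-separated strings, so the JSON-list path that this PR adds is never covered for groups or for group policies. Since the helper signatures in the second hunk are widened to interface{} precisely to allow this, one of the later steps could switch form, e.g. `testAccGroups(t, "locAl_group2", []string{"testgroup_group_policy"}),`, so both input shapes are tested on each field. The second hunk that changes testAccUserGroups and testAccGroups is cut off at the end of the page, so its remaining lines were not reviewed.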
20 changes: 6 additions & 14 deletions builtin/credential/okta/path_users.go
Expand Up @@ -2,7 +2,6 @@ package okta

import (
"context"
"strings"

"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
Expand Down Expand Up @@ -31,13 +30,13 @@ func pathUsers(b *backend) *framework.Path {
},

"groups": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Comma-separated list of groups associated with the user.",
Type: framework.TypeCommaStringSlice,
Description: "List of groups associated with the user.",
},

"policies": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Comma-separated list of policies associated with the user.",
Type: framework.TypeCommaStringSlice,
Description: "List of policies associated with the user.",
},
},

Expand Down Expand Up @@ -111,15 +110,8 @@ func (b *backend) pathUserWrite(ctx context.Context, req *logical.Request, d *fr
return logical.ErrorResponse("Error empty name"), nil
}

groups := strings.Split(d.Get("groups").(string), ",")
for i, g := range groups {
groups[i] = strings.TrimSpace(g)
}

policies := strings.Split(d.Get("policies").(string), ",")
for i, p := range policies {
policies[i] = strings.TrimSpace(p)
}
groups := d.Get("groups").([]string)
policies := d.Get("policies").([]string)

// Store it
entry, err := logical.StorageEntryJSON("user/"+name, &UserEntry{
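Review bot: The new `groups := d.Get("groups").([]string)` and `policies := d.Get("policies").([]string)` lines drop the per-element TrimSpace that the removed loops performed, so whether `"dev, prod"` in the comma form still yields `prod` rather than ` prod` now depends entirely on how TypeCommaStringSlice parses its input, which is not visible in this hunk. These values are group and policy names used for authorization, so an untrimmed entry would silently name a policy that never matches; the change is fine if the framework trims, but that reliance deserves a comment such as `// TypeCommaStringSlice accepts a JSON list or a comma-separated string; splitting and trimming are done by the framework.` A welcome side effect is that an empty value no longer produces the single empty-string element that `strings.Split("", ",")` used to return. pathUserWrite begins before and continues after this hunk.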
33 changes: 21 additions & 12 deletions website/source/api/auth/okta/index.html.md
Expand Up @@ -139,14 +139,15 @@ Registers a new user and maps a set of policies to it.
### Parameters

- `username` `(string: <required>)` - Name of the user.
- `groups` `(string: "")` - Comma-separated list of groups associated with the
user.
- `policies` `(string: "")` - Comma-separated list of policies associated with
the user.
- `groups` `(array: [])` - List or comma-separated string of groups associated with the user.
- `policies` `(array: [])` - List or comma-separated string of policies associated with the user.

```json
{
"policies": "dev,prod",
"policies": [
"dev",
"prod"
]
}
```

Expand Down Expand Up @@ -189,8 +190,11 @@ $ curl \
"lease_duration": 0,
"renewable": false,
"data": {
"policies": "default,dev",
"groups": ""
"policies": [
"default",
"dev",
],
"groups": []
},
"warnings": null
}
Expand Down Expand Up @@ -244,7 +248,7 @@ $ curl \
"data": {
"keys": [
"admins",
"dev-users"
"dev-users"
]
},
"lease_duration": 0,
Expand All @@ -264,12 +268,14 @@ Registers a new group and maps a set of policies to it.
### Parameters

- `name` `(string: <required>)` - The name of the group.
- `policies` `(string: "")` - Comma-separated list of policies associated with
the group.
- `policies` `(array: [])` - The list or comma-separated string of policies associated with the group.

```json
{
"policies": "dev,prod",
"policies": [
"dev",
"prod"
]
}
```

Expand Down Expand Up @@ -312,7 +318,10 @@ $ curl \
"lease_duration": 0,
"renewable": false,
"data": {
"policies": "default,admin"
"policies": [
"default",
"admin"
]
},
"warnings": null
}